Change ex-container to use BARE_USER_ONLY, update core creation API
Switch `ex container` to `OSTREE_REPO_MODE_BARE_USER_ONLY`; this is a good match, for the same reasons as flatpak. We don't want suid binaries, we don't want to chown anything, no SELinux labeling, etc. There's no reason to write the metadata to the `BARE_USER` xattrs. The "unprivileged" context as used for `ex container` was a flag that was passed down, but I think it's a lot easier if things just infer this state by looking at whether the target repo is `bare-user-only`. Now we just have an `rpmostree_context_new_tree()` API that handles both container and compose. Closes: #1026 Approved by: jlebon
This commit is contained in:
parent
d16d53ecae
commit
d4af84d428
@ -749,7 +749,7 @@ impl_compose_tree (const char *treefile_pathstr,
|
||||
if (fchdir (self->workdir_dfd) != 0)
|
||||
return glnx_throw_errno_prefix (error, "fchdir");
|
||||
|
||||
self->corectx = rpmostree_context_new_compose (self->cachedir_dfd, cancellable, error);
|
||||
self->corectx = rpmostree_context_new_tree (self->cachedir_dfd, self->repo, cancellable, error);
|
||||
if (!self->corectx)
|
||||
return FALSE;
|
||||
|
||||
|
@ -82,6 +82,10 @@ roc_context_init (ROContainerContext *rocctx,
|
||||
if (!rocctx->repo)
|
||||
return FALSE;
|
||||
|
||||
OstreeRepoMode mode = ostree_repo_get_mode (rocctx->repo);
|
||||
if (mode != OSTREE_REPO_MODE_BARE_USER_ONLY)
|
||||
return glnx_throw (error, "container repos are now required to be in bare-user-only mode");
|
||||
|
||||
if (!glnx_opendirat (rocctx->userroot_dfd, "roots", TRUE, &rocctx->roots_dfd, error))
|
||||
return FALSE;
|
||||
|
||||
@ -97,7 +101,8 @@ roc_context_prepare_for_root (ROContainerContext *rocctx,
|
||||
GCancellable *cancellable,
|
||||
GError **error)
|
||||
{
|
||||
rocctx->ctx = rpmostree_context_new_unprivileged (rocctx->userroot_dfd, NULL, error);
|
||||
rocctx->ctx = rpmostree_context_new_tree (rocctx->userroot_dfd, rocctx->repo,
|
||||
cancellable, error);
|
||||
if (!rocctx->ctx)
|
||||
return FALSE;
|
||||
|
||||
@ -153,7 +158,7 @@ rpmostree_container_builtin_init (int argc,
|
||||
}
|
||||
|
||||
rocctx->repo = ostree_repo_create_at (rocctx->userroot_dfd, "repo",
|
||||
OSTREE_REPO_MODE_BARE_USER, NULL,
|
||||
OSTREE_REPO_MODE_BARE_USER_ONLY, NULL,
|
||||
cancellable, error);
|
||||
if (!rocctx->repo)
|
||||
return FALSE;
|
||||
|
@ -347,9 +347,14 @@ rpmostree_context_new_system (GCancellable *cancellable,
|
||||
return self;
|
||||
}
|
||||
|
||||
static RpmOstreeContext *
|
||||
rpmostree_context_new_internal (int userroot_dfd,
|
||||
gboolean unprivileged,
|
||||
/* Create a context that assembles a new filesystem tree, possibly without root
|
||||
* privileges. Some behavioral distinctions are made by looking at the undelying
|
||||
* OstreeRepoMode. In particular, an OSTREE_REPO_MODE_BARE_USER_ONLY repo
|
||||
* is assumed to be for unprivileged containers/buildroots.
|
||||
*/
|
||||
RpmOstreeContext *
|
||||
rpmostree_context_new_tree (int userroot_dfd,
|
||||
OstreeRepo *repo,
|
||||
GCancellable *cancellable,
|
||||
GError **error)
|
||||
{
|
||||
@ -358,8 +363,6 @@ rpmostree_context_new_internal (int userroot_dfd,
|
||||
if (!ret)
|
||||
return NULL;
|
||||
|
||||
ret->unprivileged = unprivileged;
|
||||
|
||||
{ g_autofree char *reposdir = glnx_fdrel_abspath (userroot_dfd, "rpmmd.repos.d");
|
||||
dnf_context_set_repo_dir (ret->hifctx, reposdir);
|
||||
}
|
||||
@ -377,35 +380,11 @@ rpmostree_context_new_internal (int userroot_dfd,
|
||||
}
|
||||
|
||||
/* open user root repo if exists (container path) */
|
||||
struct stat stbuf;
|
||||
if (!glnx_fstatat_allow_noent (userroot_dfd, "repo", &stbuf, 0, error))
|
||||
return NULL;
|
||||
if (errno == 0)
|
||||
{
|
||||
ret->ostreerepo = ostree_repo_open_at (userroot_dfd, "repo", cancellable, error);
|
||||
if (!ret->ostreerepo)
|
||||
return NULL;
|
||||
}
|
||||
ret->ostreerepo = repo ? g_object_ref (repo) : NULL;
|
||||
|
||||
return g_steal_pointer (&ret);
|
||||
}
|
||||
|
||||
RpmOstreeContext *
|
||||
rpmostree_context_new_compose (int basedir_dfd,
|
||||
GCancellable *cancellable,
|
||||
GError **error)
|
||||
{
|
||||
return rpmostree_context_new_internal (basedir_dfd, FALSE, cancellable, error);
|
||||
}
|
||||
|
||||
RpmOstreeContext *
|
||||
rpmostree_context_new_unprivileged (int basedir_dfd,
|
||||
GCancellable *cancellable,
|
||||
GError **error)
|
||||
{
|
||||
return rpmostree_context_new_internal (basedir_dfd, TRUE, cancellable, error);
|
||||
}
|
||||
|
||||
static gboolean
|
||||
rpmostree_context_ensure_tmpdir (RpmOstreeContext *self,
|
||||
const char *subdir,
|
||||
@ -1769,9 +1748,6 @@ import_one_package (RpmOstreeContext *self,
|
||||
if (!dnf_transaction_gpgcheck_package (dnf_context_get_transaction (hifctx), pkg, error))
|
||||
return FALSE;
|
||||
|
||||
if (self->unprivileged)
|
||||
flags |= RPMOSTREE_UNPACKER_FLAGS_UNPRIVILEGED;
|
||||
|
||||
/* Only set SKIP_EXTRANEOUS for packages we know need it, so that
|
||||
* people doing custom composes don't have files silently discarded.
|
||||
* (This will also likely need to be configurable).
|
||||
|
@ -37,11 +37,8 @@ G_DECLARE_FINAL_TYPE (RpmOstreeTreespec, rpmostree_treespec, RPMOSTREE, TREESPEC
|
||||
RpmOstreeContext *rpmostree_context_new_system (GCancellable *cancellable,
|
||||
GError **error);
|
||||
|
||||
RpmOstreeContext *rpmostree_context_new_compose (int basedir_dfd,
|
||||
GCancellable *cancellable,
|
||||
GError **error);
|
||||
|
||||
RpmOstreeContext *rpmostree_context_new_unprivileged (int basedir_dfd,
|
||||
RpmOstreeContext *rpmostree_context_new_tree (int basedir_dfd,
|
||||
OstreeRepo *repo,
|
||||
GCancellable *cancellable,
|
||||
GError **error);
|
||||
|
||||
|
@ -713,7 +713,11 @@ import_rpm_to_repo (RpmOstreeUnpacker *self,
|
||||
cb_data fdata = { self, &cb_error };
|
||||
|
||||
OstreeRepoCommitFilter filter;
|
||||
if ((self->flags & RPMOSTREE_UNPACKER_FLAGS_UNPRIVILEGED) > 0)
|
||||
/* This logic replaces our old UNPRIVILEGED flag; we now assume bare-user-only
|
||||
* is unprivileged, anything else is a compose.
|
||||
*/
|
||||
const gboolean unprivileged = ostree_repo_get_mode (repo) == OSTREE_REPO_MODE_BARE_USER_ONLY;
|
||||
if (unprivileged)
|
||||
filter = unprivileged_filter_cb;
|
||||
else
|
||||
filter = compose_filter_cb;
|
||||
@ -721,6 +725,8 @@ import_rpm_to_repo (RpmOstreeUnpacker *self,
|
||||
/* If changing this, also look at changing rpmostree-postprocess.c */
|
||||
OstreeRepoCommitModifierFlags modifier_flags =
|
||||
OSTREE_REPO_COMMIT_MODIFIER_FLAGS_ERROR_ON_UNLABELED;
|
||||
if (unprivileged)
|
||||
modifier_flags |= OSTREE_REPO_COMMIT_MODIFIER_FLAGS_CANONICAL_PERMISSIONS;
|
||||
g_autoptr(OstreeRepoCommitModifier) modifier =
|
||||
ostree_repo_commit_modifier_new (modifier_flags, filter, &fdata, NULL);
|
||||
ostree_repo_commit_modifier_set_xattr_callback (modifier, xattr_cb,
|
||||
|
@ -38,12 +38,10 @@ G_DEFINE_AUTOPTR_CLEANUP_FUNC (RpmOstreeUnpacker, g_object_unref)
|
||||
|
||||
/**
|
||||
* RpmOstreeUnpackerFlags:
|
||||
* @RPMOSTREE_UNPACKER_FLAGS_UNPRIVILEGED: Ignore file ownership and setuid modes
|
||||
* @RPMOSTREE_UNPACKER_FLAGS_SKIP_EXTRANEOUS: Skip files/directories outside of supported ostree-compliant paths rather than erroring out
|
||||
*/
|
||||
typedef enum {
|
||||
RPMOSTREE_UNPACKER_FLAGS_UNPRIVILEGED = (1 << 0),
|
||||
RPMOSTREE_UNPACKER_FLAGS_SKIP_EXTRANEOUS = (1 << 1),
|
||||
RPMOSTREE_UNPACKER_FLAGS_SKIP_EXTRANEOUS = (1 << 0),
|
||||
} RpmOstreeUnpackerFlags;
|
||||
|
||||
RpmOstreeUnpacker*
|
||||
|
Loading…
Reference in New Issue
Block a user